What is Malvertising and How to Protect Against and Mitigate It?

What is Malvertising?
In this cyber threat awareness post we will cover the following topics:
  • Malvertising vs Ad Malware
  • How is malware inserted into ads?
  • How to protect against and mitigate malvertising?

Malvertising is the use of online advertising to spread malware by injecting malicious advertisements into legitimate online advertising networks and webpages. The attackers mostly focus on highly reputable websites such as The London Stock Exchange, Spotify, The New York Times Online and The Atlantic. All these websites have been exposed to malvertising.

Malvertising is different from Ad Malware, which is another form of malware affecting online advertising. Adware runs on a user’s computer and comes with legitimate software packages installed with the user’s knowledge. The difference between Malvertising and Ad Malware is that Malvertising runs on the publisher’s web page, whereas Ad Malware runs on the user’s web page. Malvertising affects users only while they are viewing the page, while Ad Malware affects users continuously.

Malvertising can work without users clicking on the malicious ad. It can do so by forcing a redirection of the browser to malicious sites, and also through a “drive-by download”.

Once a user clicks on the malicious ad, it executes code that installs malware on the user’s computer and redirects the user to a malicious website operated by the attacker. These malicious websites look like legitimate websites, so users might not be aware of what has happened.

Malvertising has an adverse effect on publishers: it damages the publisher’s reputation, causes loss of traffic and revenue, and creates legal liability. It is difficult for publishers to test all the ads that are shown to the user, and hence it is difficult to block the malicious ad.

Malware is inserted into ads in many ways:

  1. Malware in ad calls: When the ad exchange pushes ads to the user via other third parties, their servers may be compromised by an attacker, who can add malicious code to the ad payload.
  2. Malware injected post-click: If an attacker compromises any URL the user is sent to after clicking on an ad, they can execute malicious code.
  3. Malware in ad creative: Malware can be embedded in a text or banner ad.
  4. Malware within a pixel: “If an attacker intercepts a pixel’s delivery path, it can send a response, containing malicious code, to the user’s browser.”
  5. Malware within video: Video ads, such as those using VAST, can infect users by displaying a malicious URL at the end of the video.
  6. Malware within Flash video: Flash video can inject an iframe into the page that downloads malware without the user clicking on the video.
  7. Malware on landing page: When the user clicks on the ad, it redirects to the legitimate web page but there may be clickable elements that execute malicious code.

How to protect against and mitigate malvertising?

Malvertising is an attack that must be defended against from both sides, end-users and publishers, to mitigate the risk.

End-users

  • Run antivirus software, which protects against some drive-by downloads or malicious code executed by malvertising.
  • Use ad blockers to block all ads, including their malicious elements.
  • Avoid the use of Flash and Java, as they have many vulnerabilities.
  • Keep browsers, plugins and security software updated.

Publishers

  • Inquiring about ad delivery paths and security practices helps protect the webpage from malvertising.
  • “Scan ad creative intended for display to discover malware or unwanted code.”
  • Enforce a policy of only showing specific file types in an ad frame (JPG, PNG, etc.) without allowing JavaScript or other code.
  • A Web Application Firewall (WAF) can help against some malvertising threats.
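The publisher-side measures above (showing only specific file types in an ad frame, and scanning creative for unwanted code) can be sketched as a check run on each submitted creative before it is served. This is an added example, not code from the original post; the function names, the marker list and the sample bytes are assumptions constructed for illustration.

```python
"""Added example: allowlist check for ad creatives (all names are hypothetical)."""

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"\x00\x00\x00\x00IEND\xaeB`\x82"  # empty IEND chunk plus its CRC
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"

# Coarse heuristic: markup or script strings have no place in a banner image.
# Compressed bytes can match by chance, so route hits to manual review.
ACTIVE_MARKERS = (b"<script", b"<iframe", b"<html", b"<svg", b"javascript:")


def check_creative(data: bytes) -> tuple:
    """Return (True, kind) for an allowed image, else (False, reason)."""
    if data.startswith(PNG_SIG):
        kind, trailer = "png", PNG_END
    elif data.startswith(JPEG_SOI):
        kind, trailer = "jpeg", JPEG_EOI
    else:
        return False, "type not on allowlist"
    # Bytes after the end marker are where a second file format can hide.
    if not data.endswith(trailer):
        return False, f"{kind}: truncated or has trailing data"
    lowered = data.lower()
    for marker in ACTIVE_MARKERS:
        if marker in lowered:
            return False, f"{kind}: embedded {marker.decode()}"
    return True, kind


def serving_headers(kind: str) -> dict:
    """Headers that stop the browser from treating the file as a document."""
    return {
        "Content-Type": f"image/{kind}",      # from the bytes, not the file name
        "X-Content-Type-Options": "nosniff",  # no MIME sniffing to text/html
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed samples, not real ads.
GOOD_PNG = PNG_SIG + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + PNG_END
TRAILING = GOOD_PNG + b"<script>/* constructed */</script>"
EMBEDDED = PNG_SIG + b"\x00\x00\x00\x08tEXt<iframe>" + PNG_END
RENAMED_HTML = b"<html><body>banner</body></html>"

if __name__ == "__main__":
    for name, blob in (("GOOD_PNG", GOOD_PNG), ("TRAILING", TRAILING),
                       ("EMBEDDED", EMBEDDED), ("RENAMED_HTML", RENAMED_HTML)):
        print(name, check_creative(blob))
```

The check looks only at signatures, end markers and marker strings; it does not decode the image, so it complements malware scanning of creatives and does not replace it.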

 
